Lucene search

MitreCVE-2017-12857

HistoryAug 25, 2017 - 7:29 p.m.

CVE-2017-12857

2017-08-2519:29:00

CWE-200

mitre

web.nvd.nist.gov

polycom

soundstation

vvx

realpresence trio

ucs

vulnerability

memory read

nvd

cve-2017-12857

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

58.8%

JSON

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone’s memory which could contain an administrator’s password or other sensitive information.

Affected configurations

Nvd

Node

polycomunified_communications_softwareRange≤4.0.11

AND

polycomsoundstation_ipMatch-

Node

polycomunified_communications_softwareRange≤5.4.6

polycomunified_communications_softwareRange≤5.5.1

AND

polycomvvxMatch-

Node

polycomunified_communications_softwareRange≤5.4.4

AND

polycomrealpresence_trioMatch-

VendorProductVersionCPE
polycomunified_communications_software*cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*
polycomsoundstation_ip-cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*
polycomvvx-cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*
polycomrealpresence_trio-cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
polycom	unified_communications_software	*	cpe:2.3:o:polycom:unified_communications_software::::::::
polycom	soundstation_ip	-	cpe:2.3:h:polycom:soundstation_ip:-:::::::*
polycom	vvx	-	cpe:2.3:h:polycom:vvx:-:::::::*
polycom	realpresence_trio	-	cpe:2.3:h:polycom:realpresence_trio:-:::::::*

References

support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf

www.securitytracker.com/id/1039309

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

58.8%

JSON

Related for CVE-2017-12857